dbo

  1. You're a bit long-winded for my taste (no offense), so I didn't read line by line. That being said... you nailed it when you said you need to practice. Find real-life projects that you're passionate about. Don't worry about how to do them initially, just dream up something you want to do. Once you have an idea you're passionate about then you jump into the SDLC stuff that some of the others are talking about. Each step along the way you should reflect and think about how you can do things better next time. As you encounter feature sets that you aren't sure how to implement you'll be forced to research. If you do this every day and you take it seriously you'll get much better, if you don't... you won't. It's up to you, young padawan.
  2. I believe it was the multiline problem, though I didn't use the m modifier. Perhaps I'll experiment more. Ultimately what I ended up doing was making my search pattern a bit more generic by using .* in a couple of places to eat whatever may exist.
  3. I'm trying to parse some data out of a large HTML string. When I try this with the full HTML document it fails to find a match yet if I take a paragraph (which contains the search string) and hard code this block I'm able to find a match. Is there an issue with searching large strings or am I missing something?
  4. I'm brainstorming ideas for a real-time search application and I'm wondering how copyright comes into play for this. I realize this isn't a forum for legal advice, but I'm just looking for more general thoughts right now. Google obviously does some linking to images on other sites, pricing type of stuff with its Froogle service, etc. From your perspectives, where is the line drawn when it comes to looking at data on other websites?
  5. 1) It really depends on the application and how many layers of security you want to implement. For most applications I would say this is overkill. You'll have to balance security and usability for your needs. 2) No it's not illegal.
  6. Grossness, negatory. If you've ever done any ASP.NET development it's mainly similar to the validation controls you can use. It's pretty cool because I can write code without worrying about all the input validation crap and then after the fact I can easily drop it in. It's probably not the best way to do it still, but it's come in pretty handy. You do like:

         RuleValidator::register('email', 'Email');
         RuleValidator::addIsNotNull('email', '{name} is required.');
         RuleValidator::addIsEmail('email', 'Invalid format for {name}.');

     I typically extend this class and can call it by like:

         if( RuleValidator::isValid('Contact') ) {
             //send the email
         }

     You can pluck the 'clean' variables out of the array using $email = get_clean('email'); Then if it needs escaped as part of the query that's when I'll run it through mysql_real_escape_string(). Like I said I'm sure there is a better way to do this, but it's what I came up with some time ago and I've not had a need to rework it yet, but if you have any suggestions I'd be happy to listen.
  7. It's not a generic function that does this, it would only be used in context to which rules applied to the current situation. In my class I assign a series of rules depending on the problem at hand and it validates according to those rules. If it passes it is available in the clean array, if it fails one or more errors are available and can be referenced by key. So unless I'm missing what you're saying. I agree that it depends on the context, thus it validates/stores based on context rather than being a generic catch all routine.
  8. dbo

    api?

    If you're really slick you can actually use the pages that control your business logic to also serve as the API. What do I mean? Well if a user posts some variables to http://www.somesite.com/calendar/add and this adds an event... well by using curl you could programmatically pass those same variables to http://www.somesite.com/calendar/add and you can manage your business logic in one place instead of two. You'll just want to make sure you've taken precautions to validate who the user doing the posting is. Perhaps you do a scenario where like:

        if( $isLoggedIn || isValidToken($token) ) {
            //add the event
        }

    So a normal user on the site would only be able to post (update calendar) when logged in. Alternatively, the same user could post via the API (curl calls) by looking at their token to determine validity. Just some thoughts... the less code you have to write the better/easier to manage your site is going to be.
  9. I suppose it would depend on the application. If you are 100% sure that you will only use $_POST in the class then you can probably get away with it. If there is ever a chance you might want to use $_GET, $_SESSION or perhaps some other user defined variable then you've just painted yourself into a corner. Personally I don't ever reference $_POST directly like that. I always take that data and run it through a validation/cleansing/escaping routine and store it in a $clean array. You know that any data in the $clean array is clean so I would be passing $clean['variable'] into my class rather than $_POST['variable']. Multiple ways to do this, just giving you some food for thought....
  10. I'd also suggest using PHP5 syntax for classes and instead of using var $ps and use private $ps instead.
  11. I see your point and I agree with your philosophy. How about IBM trying to patent using regular expressions to validate user input such as social security numbers? Good stuff... prior art out the wazoo. http://yro.slashdot.org/article.pl?sid=09/05/26/159249
  12. If someone's plan is to protect their intellectual property (for better or worse...) how else do you suggest they do this?
  13. Software patents are one of the most moronic ideas ever. You have undoubtedly infringed numerous patents already. Image previews is a valid patent for instance. http://webshop.ffii.org/ - All of those mundane things are still valid patents. What's your point? I'm not a fan of software patents either but they do give you grounds to take legal action if you want.
  14. I'm not suggesting you don't. Make backups, use version control such as Subversion (SVN) and make each developer leverage their own source files only committing changes to the master that have been validated. That protects your source code. Worried that they're going to steal intellectual property? That's what non-disclosure agreements are for (NDA), patents, trademarks, etc. Again, take measures and be smart about it but if you have concerns then you're dealing with the wrong individuals. I don't think this is a problem you want to try and handle through technology b/c you're going to pull your hair out and thwart productivity. Furthermore, your ability to restrict access is further limited by your host b/c it sounds like you're on some sort of a hosting environment that you don't fully control.
  15. If you're that worried about this developer doing something malicious then perhaps you need to find a new developer?
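
The `$isLoggedIn || isValidToken($token)` gate from post 8 and the `$clean` array from post 9 can be combined in one request handler. The following is an added example, not dbo's code and not from the original posts; the function names (`userIdForToken`, `cleanEvent`, `handleAdd`), the `title`/`date`/`token` field names and the token store layout are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helper: map an API token to its user id, or null if unknown.
function userIdForToken(string $token, array $tokenHashes): ?int
{
    $candidate = hash('sha256', $token); // only hashes are stored, never raw tokens
    $found = null;
    foreach ($tokenHashes as $userId => $storedHash) {
        // hash_equals() compares in constant time, so timing leaks nothing.
        if (hash_equals($storedHash, $candidate)) {
            $found = $userId;
        }
    }
    return $found;
}

// Validate the assumed event fields into a $clean array; null means reject.
// The format round-trip also rejects overflow dates such as 2009-02-30.
function cleanEvent(array $input): ?array
{
    $title = is_string($input['title'] ?? null) ? trim($input['title']) : '';
    $date  = is_string($input['date'] ?? null) ? $input['date'] : '';
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($title === '' || strlen($title) > 100 || !$parsed || $parsed->format('Y-m-d') !== $date) {
        return null;
    }
    return ['title' => $title, 'date' => $date];
}

// One gate for both callers: a logged-in session or a valid API token.
function handleAdd(?int $sessionUserId, array $post, array $tokenHashes): int
{
    $token  = is_string($post['token'] ?? null) ? $post['token'] : '';
    $userId = $sessionUserId ?? ($token !== '' ? userIdForToken($token, $tokenHashes) : null);
    if ($userId === null) {
        return 401; // neither a session nor a valid token
    }
    $clean = cleanEvent($post);
    if ($clean === null) {
        return 422; // authenticated, but the input failed validation
    }
    return 200; // the shared business logic would add the event from $clean here
}

// Constructed sample data, not real credentials.
$hashes = [42 => hash('sha256', 'sample-token-not-real')];
$event  = ['title' => 'Launch', 'date' => '2009-06-01'];
echo handleAdd(7, $event, $hashes), "\n";
echo handleAdd(null, $event + ['token' => 'sample-token-not-real'], $hashes), "\n";
echo handleAdd(null, $event + ['token' => 'wrong'], $hashes), "\n";
```

Browser requests that rely on the session branch also need an anti-CSRF check, which is outside what this example shows.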